package SV_CSRF_GET;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Vulnerable {
    void doGet(HttpServletRequest req, HttpServletResponse resp) {
        if (!isValidRequest(req)) {
            handleInvalidRequest(req, resp);
        } else {
            update(req, resp);
        }
    }

    private boolean isValidRequest(final HttpServletRequest req) {
        return req.getParameter("_csrf_token").equals(req.getSession().getAttribute("_csrf_token"));
    }

    private void update(HttpServletRequest req, HttpServletResponse resp) {
        //...
    }

    private void handleInvalidRequest(HttpServletRequest req, HttpServletResponse resp) {
        //...
    }
}
